Calling those systems cryptosystems is a strectch. The fact that the researchers were able to attack it by extracting the cipher means it was operating under "security through obscurity". Real cryptographic systems don't.
In building a cryptographic system you should not only expect but ASSUME the attacker will have EVERYTHING except the private key/data. He has all public data, copies of other plaintext, copies of other cipher text, all initialization vectors, complete understanding of the algorithm and the system, whitepapers, all other cryptographic analysis and .... the system should STILL BE SECURE.
With SHA-256 there is nothing to "find".
Here is the representation of 1 round of the SHA-256 hash (64 rounds for final hash):
Here are the functions:
Here are the eight h values:
Here are the 64 k values:
There are no secrets. Every part of the code is publicly available and has been vetted by cryptographers around the world.
So what does the failure of GMR mean?
"Security through obscurity is no security at all" is still alive and well. One would think after 3 decades of near continual hacks, breaks, and attacks on weak systems (WEP, GSM, CSS, etc) involving "obscurity" that companies would learn but they likely never will.
I could not agree more. The cracked systems are in reality a form of DRM and not cryptography based any sound mathematical principals. Bitcoin has nothing to fear from this any more that than from the cracking of the latest DRM promoted by the MPAA or RIAA. Security by obscurity is digital snake oil; however it is a multi billion dollar digital snake oil business, protected by legislation in many parts of the world. Its most popular application is of course DRM. In building a cryptographic system you should not only expect but ASSUME the attacker will have EVERYTHING except the private key/data. He has all public data, copies of other plaintext, copies of other cipher text, all initialization vectors, complete understanding of the algorithm and the system, whitepapers, all other cryptographic analysis and .... the system should STILL BE SECURE.
With SHA-256 there is nothing to "find".
Here is the representation of 1 round of the SHA-256 hash (64 rounds for final hash):
Here are the functions:
Here are the eight h values:
Code:
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
Here are the 64 k values:
Code:
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
There are no secrets. Every part of the code is publicly available and has been vetted by cryptographers around the world.
So what does the failure of GMR mean?
"Security through obscurity is no security at all" is still alive and well. One would think after 3 decades of near continual hacks, breaks, and attacks on weak systems (WEP, GSM, CSS, etc) involving "obscurity" that companies would learn but they likely never will.
